Author: Fabian Greffrath <fabian+debian@greffrath.com>
Description: Fix buffer overflows when using long filenames or
 passwords as arguments. Thanks, Antoine Cervoise.
Bug-Debian: https://bugs.debian.org/736929

--- a/source/apps/unace/exe/commline/commline.c
+++ b/source/apps/unace/exe/commline/commline.c
@@ -474,8 +474,10 @@ INT       SwitchNumber,
 
           case APPS_UNACE_EXE_COMMLINE_SWITCH_P:
           {
-            strcpy(BASE_OPTIONS.ExtractOptions.CryptionData.Password,
-                   Switch + 1);
+            const size_t size = sizeof(BASE_OPTIONS.ExtractOptions.CryptionData.Password) - 1;
+            strncpy(BASE_OPTIONS.ExtractOptions.CryptionData.Password,
+                    Switch + 1, size);
+            BASE_OPTIONS.ExtractOptions.CryptionData.Password[size] = 0;
 
             BASE_CRYPT.DoUseCurrentPassword = 1;
 
@@ -539,8 +541,10 @@ PCHAR     PointPos;
   {
     if (APPS_EXE_COMMLINE.ArgumentCount < APPS_EXE_COMMLINE.ArgumentsNumber)
     {
-      strcpy(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName,
-             APPS_EXE_COMMLINE.Arguments[APPS_EXE_COMMLINE.ArgumentCount++]);
+      const size_t size = sizeof(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName) - 1;
+      strncpy(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName,
+              APPS_EXE_COMMLINE.Arguments[APPS_EXE_COMMLINE.ArgumentCount++], size);
+      APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName[size] = 0;
 
       BASE_PATHFUNC_ToSystemPathSeparator(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName);
 
@@ -555,6 +559,8 @@ PCHAR     PointPos;
               && !BASE_CONVERT_StrICmp(PointPos, ".ace")
               && !BASE_CONVERT_StrICmp(PointPos, ".exe")))
       {
+        if (size - strlen(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName) >=
+            strlen(BASE_ACESTRUC_EXTENSION))
         strcat(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName,
                BASE_ACESTRUC_EXTENSION);
       }
